[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-40953":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":29,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":128,"related":129,"reserved_at":9,"published_at":141,"modified_at":142,"state":143,"summary":144,"references_raw":153,"kevs":196,"epss":197,"epss_history":200,"metrics":428,"affected":434},"CVE-2024-40953","In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()\n\nUse {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the\nloads and stores are atomic.  In the extremely unlikely scenario the\ncompiler tears the stores, it's theoretically possible for KVM to attempt\nto get a vCPU using an out-of-bounds index, e.g. if the write is split\ninto multiple 8-bit stores, and is paired with a 32-bit load on a VM with\n257 vCPUs:\n\n  CPU0                              CPU1\n  last_boosted_vcpu = 0xff;\n\n                                    (last_boosted_vcpu = 0x100)\n                                    last_boosted_vcpu[15:8] = 0x01;\n  i = (last_boosted_vcpu = 0x1ff)\n                                    last_boosted_vcpu[7:0] = 0x00;\n\n  vcpu = kvm->vcpu_array[0x1ff];\n\nAs detected by KCSAN:\n\n  BUG: KCSAN: data-race in kvm_vcpu_on_spin [kvm] / kvm_vcpu_on_spin [kvm]\n\n  write to 0xffffc90025a92344 of 4 bytes by task 4340 on cpu 16:\n  kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4112) kvm\n  handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n  vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t arch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n  vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n  kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n  __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n  __x64_sys_ioctl (fs/ioctl.c:890)\n  x64_sys_call (arch/x86/entry/syscall_64.c:33)\n  do_syscall_64 (arch/x86/entry/common.c:?)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n  read to 0xffffc90025a92344 of 4 bytes by task 4342 on cpu 4:\n  kvm_vcpu_on_spin (arch/x86/kvm/../../../virt/kvm/kvm_main.c:4069) kvm\n  handle_pause (arch/x86/kvm/vmx/vmx.c:5929) kvm_intel\n  vmx_handle_exit (arch/x86/kvm/vmx/vmx.c:?\n\t\t\tarch/x86/kvm/vmx/vmx.c:6606) kvm_intel\n  vcpu_run (arch/x86/kvm/x86.c:11107 arch/x86/kvm/x86.c:11211) kvm\n  kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:?) kvm\n  kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:?) kvm\n  __se_sys_ioctl (fs/ioctl.c:52 fs/ioctl.c:904 fs/ioctl.c:890)\n  __x64_sys_ioctl (fs/ioctl.c:890)\n  x64_sys_call (arch/x86/entry/syscall_64.c:33)\n  do_syscall_64 (arch/x86/entry/common.c:?)\n  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\n  value changed: 0x00000012 -> 0x00000000",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-362","Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')","The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.","weakness","Draft","Class","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-26","Leveraging Race Conditions",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[],[],[],[32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62,64,66,68,70,72,74,76,78,80,82,84,86,88,90,92,94,96,98,100,102,104,106,108,110,112,114,116,118,120,122,124,126],{"_key":33},"SUSE-SU-2024:2802-1",{"_key":35},"SUSE-SU-2024:2894-1",{"_key":37},"SUSE-SU-2024:2892-1",{"_key":39},"SUSE-SU-2024:2901-1",{"_key":41},"SUSE-SU-2024:2940-1",{"_key":43},"SUSE-SU-2024:2896-1",{"_key":45},"SUSE-SU-2024:2939-1",{"_key":47},"SUSE-SU-2024:2947-1",{"_key":49},"SUSE-SU-2024:2973-1",{"_key":51},"DLA-4008-1",{"_key":53},"DLA-4075-1",{"_key":55},"DSA-5731-1",{"_key":57},"SUSE-SU-2025:20008-1",{"_key":59},"SUSE-SU-2025:20028-1",{"_key":61},"DEBIAN-CVE-2024-40953",{"_key":63},"UBUNTU-CVE-2024-40953",{"_key":65},"USN-6999-1",{"_key":67},"USN-6999-2",{"_key":69},"USN-7004-1",{"_key":71},"USN-7005-1",{"_key":73},"USN-7005-2",{"_key":75},"USN-7008-1",{"_key":77},"USN-7029-1",{"_key":79},"USN-7288-1",{"_key":81},"USN-7288-2",{"_key":83},"USN-7289-1",{"_key":85},"USN-7289-2",{"_key":87},"USN-7289-3",{"_key":89},"USN-7289-4",{"_key":91},"USN-7291-1",{"_key":93},"USN-7293-1",{"_key":95},"USN-7294-1",{"_key":97},"USN-7294-2",{"_key":99},"USN-7294-3",{"_key":101},"USN-7294-4",{"_key":103},"USN-7295-1",{"_key":105},"USN-7305-1",{"_key":107},"USN-7308-1",{"_key":109},"USN-7331-1",{"_key":111},"USN-7388-1",{"_key":113},"USN-7389-1",{"_key":115},"USN-7390-1",{"_key":117},"USN-7393-1",{"_key":119},"USN-7401-1",{"_key":121},"USN-7413-1",{"_key":123},"USN-7458-1",{"_key":125},"USN-7539-1",{"_key":127},"USN-7540-1",[],[130,131,132,133,134,135,136,137,138,139,140],{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":57},{"_key":59},"2024-07-12T12:31:56.832Z","2026-05-11T20:23:01.403Z","Modified",{"cisa_kev":145,"cisa_ransomware":145,"cisa_vendor":9,"epss_severity":146,"epss_score":147,"severity":148,"severity_score":149,"severity_version":150,"severity_source":151,"severity_vector":152,"severity_status":143},false,"low",0.00012,"medium",4.7,"v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",[154,160,164,168,172,176,180,184,188,192],{"url":155,"sources":156,"tags":158},"https://git.kernel.org/stable/c/11a772d5376aa6d3e2e69b5b5c585f79b60c0e17",[157,151],"cve.org",[159],"Patch",{"url":161,"sources":162,"tags":163},"https://git.kernel.org/stable/c/4c141136a28421b78f34969b25a4fa32e06e2180",[157,151],[159],{"url":165,"sources":166,"tags":167},"https://git.kernel.org/stable/c/71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84",[157,151],[159],{"url":169,"sources":170,"tags":171},"https://git.kernel.org/stable/c/82bd728a06e55f5b5f93d10ce67f4fe7e689853a",[157,151],[159],{"url":173,"sources":174,"tags":175},"https://git.kernel.org/stable/c/92c77807d938145c7c3350c944ef9f39d7f6017c",[157,151],[159],{"url":177,"sources":178,"tags":179},"https://git.kernel.org/stable/c/a937ef951bba72f48d2402451419d725d70dba20",[157,151],[159],{"url":181,"sources":182,"tags":183},"https://git.kernel.org/stable/c/95c8dd79f3a14df96b3820b35b8399bd91b2be60",[157,151],[159],{"url":185,"sources":186,"tags":187},"https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb",[157,151],[159],{"url":189,"sources":190,"tags":191},"https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html",[157,151],[],{"url":193,"sources":194,"tags":195},"https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html",[157,151],[],[],{"date":198,"score":147,"percentile":199},"2026-06-03",0.01619,[201,205,208,211,213,215,217,219,222,224,226,228,230,232,235,239,242,245,248,250,253,255,258,261,264,267,270,272,275,278,280,283,286,289,291,294,297,300,303,306,309,312,315,317,319,321,324,326,328,331,334,336,338,340,343,345,347,350,352,354,356,358,361,364,367,369,371,373,375,377,379,381,383,385,387,389,391,393,395,397,399,401,404,407,410,413,416,419,422,425],{"date":202,"score":203,"percentile":204},"2025-11-04",0.00008,0.00447,{"date":206,"score":203,"percentile":207},"2025-11-05",0.00446,{"date":209,"score":203,"percentile":210},"2025-11-06",0.00448,{"date":212,"score":203,"percentile":210},"2025-11-07",{"date":214,"score":203,"percentile":204},"2025-11-08",{"date":216,"score":203,"percentile":207},"2025-11-09",{"date":218,"score":203,"percentile":207},"2025-11-10",{"date":220,"score":203,"percentile":221},"2025-11-11",0.00449,{"date":223,"score":203,"percentile":207},"2025-11-12",{"date":225,"score":203,"percentile":207},"2025-11-13",{"date":227,"score":203,"percentile":204},"2025-11-14",{"date":229,"score":203,"percentile":210},"2025-11-15",{"date":231,"score":203,"percentile":204},"2025-11-16",{"date":233,"score":203,"percentile":234},"2025-11-17",0.00445,{"date":236,"score":237,"percentile":238},"2025-11-18",0.00066,0.1637,{"date":240,"score":237,"percentile":241},"2025-11-19",0.16383,{"date":243,"score":237,"percentile":244},"2025-11-20",0.16357,{"date":246,"score":203,"percentile":247},"2025-11-21",0.00456,{"date":249,"score":203,"percentile":247},"2025-11-22",{"date":251,"score":203,"percentile":252},"2025-11-23",0.00457,{"date":254,"score":203,"percentile":247},"2025-11-24",{"date":256,"score":203,"percentile":257},"2025-11-25",0.00455,{"date":259,"score":203,"percentile":260},"2025-11-26",0.00454,{"date":262,"score":203,"percentile":263},"2025-11-27",0.00453,{"date":265,"score":203,"percentile":266},"2025-11-28",0.00458,{"date":268,"score":203,"percentile":269},"2025-11-29",0.00462,{"date":271,"score":203,"percentile":269},"2025-11-30",{"date":273,"score":203,"percentile":274},"2025-12-01",0.00461,{"date":276,"score":203,"percentile":277},"2025-12-02",0.0046,{"date":279,"score":203,"percentile":269},"2025-12-03",{"date":281,"score":203,"percentile":282},"2025-12-04",0.00467,{"date":284,"score":203,"percentile":285},"2025-12-05",0.00471,{"date":287,"score":203,"percentile":288},"2025-12-06",0.0047,{"date":290,"score":203,"percentile":288},"2025-12-07",{"date":292,"score":203,"percentile":293},"2025-12-08",0.00474,{"date":295,"score":203,"percentile":296},"2025-12-09",0.00488,{"date":298,"score":203,"percentile":299},"2025-12-10",0.00489,{"date":301,"score":203,"percentile":302},"2025-12-11",0.00491,{"date":304,"score":203,"percentile":305},"2025-12-12",0.00499,{"date":307,"score":203,"percentile":308},"2025-12-13",0.00498,{"date":310,"score":203,"percentile":311},"2025-12-14",0.00494,{"date":313,"score":203,"percentile":314},"2025-12-15",0.00493,{"date":316,"score":203,"percentile":311},"2025-12-16",{"date":318,"score":203,"percentile":311},"2025-12-17",{"date":320,"score":203,"percentile":302},"2025-12-18",{"date":322,"score":203,"percentile":323},"2025-12-19",0.0049,{"date":325,"score":203,"percentile":323},"2025-12-20",{"date":327,"score":203,"percentile":299},"2025-12-21",{"date":329,"score":203,"percentile":330},"2025-12-22",0.00492,{"date":332,"score":203,"percentile":333},"2025-12-23",0.00497,{"date":335,"score":203,"percentile":308},"2025-12-24",{"date":337,"score":203,"percentile":308},"2025-12-25",{"date":339,"score":203,"percentile":308},"2025-12-26",{"date":341,"score":203,"percentile":342},"2025-12-27",0.00496,{"date":344,"score":203,"percentile":308},"2025-12-28",{"date":346,"score":203,"percentile":333},"2025-12-29",{"date":348,"score":203,"percentile":349},"2025-12-30",0.00495,{"date":351,"score":203,"percentile":314},"2025-12-31",{"date":353,"score":203,"percentile":314},"2026-01-01",{"date":355,"score":203,"percentile":333},"2026-01-02",{"date":357,"score":203,"percentile":308},"2026-01-03",{"date":359,"score":203,"percentile":360},"2026-01-04",0.00485,{"date":362,"score":203,"percentile":363},"2026-01-05",0.00487,{"date":365,"score":203,"percentile":366},"2026-01-06",0.00486,{"date":368,"score":203,"percentile":366},"2026-01-07",{"date":370,"score":203,"percentile":296},"2026-01-08",{"date":372,"score":203,"percentile":349},"2026-01-09",{"date":374,"score":203,"percentile":333},"2026-01-10",{"date":376,"score":203,"percentile":342},"2026-01-11",{"date":378,"score":203,"percentile":311},"2026-01-12",{"date":380,"score":203,"percentile":314},"2026-01-13",{"date":382,"score":203,"percentile":342},"2026-01-14",{"date":384,"score":203,"percentile":342},"2026-01-15",{"date":386,"score":203,"percentile":349},"2026-01-16",{"date":388,"score":203,"percentile":349},"2026-01-17",{"date":390,"score":203,"percentile":333},"2026-01-18",{"date":392,"score":203,"percentile":311},"2026-01-19",{"date":394,"score":203,"percentile":311},"2026-01-20",{"date":396,"score":203,"percentile":314},"2026-01-21",{"date":398,"score":203,"percentile":314},"2026-01-22",{"date":400,"score":203,"percentile":308},"2026-01-23",{"date":402,"score":203,"percentile":403},"2026-01-24",0.005,{"date":405,"score":203,"percentile":406},"2026-01-25",0.00502,{"date":408,"score":203,"percentile":409},"2026-01-26",0.00504,{"date":411,"score":203,"percentile":412},"2026-01-27",0.00508,{"date":414,"score":203,"percentile":415},"2026-01-28",0.0051,{"date":417,"score":203,"percentile":418},"2026-01-29",0.00513,{"date":420,"score":203,"percentile":421},"2026-01-30",0.00522,{"date":423,"score":203,"percentile":424},"2026-01-31",0.00525,{"date":426,"score":203,"percentile":427},"2026-02-01",0.00527,[429],{"source":151,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":149,"baseSeverity":431,"vectorString":152,"impactScore":432,"exploitabilityScore":433},"MEDIUM",6,2.6,[435,470],{"ecosystem":9,"name":436,"vendor":437,"product":437,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":439},"Linux","linux","a",[440,447,450,453,456,459,462,465,468],{"version":441,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":445,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 11a772d5376aa6d3e2e69b5b5c585f79b60c0e17",true,"217ece6129f2d3b4fdd18d9e79be9e43d8d14a42","including","11a772d5376aa6d3e2e69b5b5c585f79b60c0e17","excluding",{"version":448,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":449,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 4c141136a28421b78f34969b25a4fa32e06e2180","4c141136a28421b78f34969b25a4fa32e06e2180",{"version":451,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":452,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84","71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84",{"version":454,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":455,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 82bd728a06e55f5b5f93d10ce67f4fe7e689853a","82bd728a06e55f5b5f93d10ce67f4fe7e689853a",{"version":457,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":458,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 92c77807d938145c7c3350c944ef9f39d7f6017c","92c77807d938145c7c3350c944ef9f39d7f6017c",{"version":460,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":461,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C a937ef951bba72f48d2402451419d725d70dba20","a937ef951bba72f48d2402451419d725d70dba20",{"version":463,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":464,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 95c8dd79f3a14df96b3820b35b8399bd91b2be60","95c8dd79f3a14df96b3820b35b8399bd91b2be60",{"version":466,"is_range":442,"range_type":157,"version_start":443,"version_start_type":444,"version_end":467,"version_end_type":446,"fixed_in":9},">= 217ece6129f2d3b4fdd18d9e79be9e43d8d14a42, \u003C 49f683b41f28918df3e51ddc0d928cb2e934ccdb","49f683b41f28918df3e51ddc0d928cb2e934ccdb",{"version":469,"is_range":145,"range_type":157,"version_start":469,"version_start_type":444,"version_end":469,"version_end_type":444,"fixed_in":9},"2.6.39",{"ecosystem":9,"name":471,"vendor":437,"product":472,"cpe_part":473,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"linux kernel","linux_kernel","o",[475,479,483,487,491,495,499,503,505,507,509],{"version":476,"is_range":442,"range_type":477,"version_start":469,"version_start_type":444,"version_end":478,"version_end_type":446,"fixed_in":9},"gte2.6.39_lt4.19.323","cpe","4.19.323",{"version":480,"is_range":442,"range_type":477,"version_start":481,"version_start_type":444,"version_end":482,"version_end_type":446,"fixed_in":9},"gte4.20_lt5.4.285","4.20","5.4.285",{"version":484,"is_range":442,"range_type":477,"version_start":485,"version_start_type":444,"version_end":486,"version_end_type":446,"fixed_in":9},"gte5.5_lt5.10.228","5.5","5.10.228",{"version":488,"is_range":442,"range_type":477,"version_start":489,"version_start_type":444,"version_end":490,"version_end_type":446,"fixed_in":9},"gte5.11_lt5.15.169","5.11","5.15.169",{"version":492,"is_range":442,"range_type":477,"version_start":493,"version_start_type":444,"version_end":494,"version_end_type":446,"fixed_in":9},"gte5.16_lt6.1.96","5.16","6.1.96",{"version":496,"is_range":442,"range_type":477,"version_start":497,"version_start_type":444,"version_end":498,"version_end_type":446,"fixed_in":9},"gte6.2_lt6.6.36","6.2","6.6.36",{"version":500,"is_range":442,"range_type":477,"version_start":501,"version_start_type":444,"version_end":502,"version_end_type":446,"fixed_in":9},"gte6.7_lt6.9.7","6.7","6.9.7",{"version":504,"is_range":145,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.10:rc1",{"version":506,"is_range":145,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.10:rc2",{"version":508,"is_range":145,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.10:rc3",{"version":510,"is_range":145,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.10:rc4"]